From d74554973ed1b4a2164f7abc2217df2d793adb9d Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Thu, 24 Apr 2025 15:12:57 +0300 Subject: [PATCH 01/23] Begin --- .../integrations/services/atlassian/index.mdx | 52 +++++++++++++++++++ website/sidebarsIntegrations.js | 1 + 2 files changed, 53 insertions(+) create mode 100644 website/integrations/services/atlassian/index.mdx diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx new file mode 100644 index 000000000000..32a8a22ae6c7 --- /dev/null +++ b/website/integrations/services/atlassian/index.mdx @@ -0,0 +1,52 @@ +--- +title: Integrate with Atlassian +sidebar_label: Atlassian +support_level: community +--- + +## What is Atlassian + +> Atlassian is an Australian-American proprietary software company that specializes in collaboration tools designed primarily for software development and project management. Their popular products include Jira, Confluence, Bitbucket and Trello. +> +> -- https://www.atlassian.com/ + +## Preparation + +The following placeholders are used in this guide: + +- `authentik.company` is the FQDN of the authentik installation. + +SAML SSO for Atlassian products requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription. Further information on Atlassian requirements can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). + +:::note +This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. +::: + +## authentik configuration + +To support the integration of Atlassian with authentik, you need to create an application/provider pair in authentik. + +### Create an application and provider in authentik + +1. Log in to authentik as an admin, and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) + +- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. +- **Choose a Provider type**: select **SAML Provider** as the provider type. +- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - _If there are any specific settings required, list them here. Refer to the [ownCloud integration documentation](https://github.com/goauthentik/authentik/blob/main/website/integrations/services/owncloud/index.md) for a complex requirements example._ +- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. + +3. Click **Submit** to save the new application and provider. + +## Service configuration + +Insert Service configuration + +1. Write first step here... + +2. Continue with steps.... + +## Configuration verification + +To confirm that authentik is properly configured with Atlassian, log out and log back in via authentik. diff --git a/website/sidebarsIntegrations.js b/website/sidebarsIntegrations.js index 758c566258cf..7db1b7e577d9 100644 --- a/website/sidebarsIntegrations.js +++ b/website/sidebarsIntegrations.js @@ -183,6 +183,7 @@ module.exports = { type: "category", label: "Platforms", items: [ + "services/atlassian/index", "services/budibase/index", "services/drupal/index", "services/pocketbase/index", From b59ae9ee80d319f9cb47cd8a76dcef38a5220f7d Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Thu, 24 Apr 2025 18:23:56 +0300 Subject: [PATCH 02/23] Added instructions --- .../integrations/services/atlassian/index.mdx | 54 ++++++++++++++++--- 1 file changed, 48 insertions(+), 6 deletions(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 32a8a22ae6c7..5b1fe18d4454 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -6,7 +6,7 @@ support_level: community ## What is Atlassian -> Atlassian is an Australian-American proprietary software company that specializes in collaboration tools designed primarily for software development and project management. Their popular products include Jira, Confluence, Bitbucket and Trello. +> Atlassian is an Australian-American proprietary software company that specializes in collaboration tools designed primarily for software development and project management. Their popular apps include Jira, Confluence, Bitbucket and Trello. > > -- https://www.atlassian.com/ @@ -16,7 +16,11 @@ The following placeholders are used in this guide: - `authentik.company` is the FQDN of the authentik installation. -SAML SSO for Atlassian products requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription. Further information on Atlassian requirements can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). +SAML SSO for Atlassian cloud apps requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription. + +Further information on Atlassian requirements for SSO can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). + +This guide applies to all Atlassian cloud products including; Jira, Confluence, Trello, and others. :::note This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. @@ -34,18 +38,56 @@ To support the integration of Atlassian with authentik, you need to create an ap - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - - _If there are any specific settings required, list them here. Refer to the [ownCloud integration documentation](https://github.com/goauthentik/authentik/blob/main/website/integrations/services/owncloud/index.md) for a complex requirements example._ + - Temporarily Set the **ACS URL** and **Issuer** to `https://temp.temp` + - Set the **Service Provider Binding** to `Post`. + - Under **Advanced protocol settings**, select an available signing certificate. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. 3. Click **Submit** to save the new application and provider. ## Service configuration -Insert Service configuration +Login to admin.atlassian.com as an admin + +Navigate to admin > identity providers. Under **Choose an identity provider** select **Other provider** + +select a **Directory name** e.g authentik and click Add + +click **set up saml single sign-on** and next + +set the following required configurations: - **Identity provider Entity ID**: `authentik` - **Identity provider SSO URL**: `https://authentik.company/application/saml//sso/binding/redirect/` - **Public x509 certificate**: paste in your public certificate + +click **Add** + +You will be shown a \*Service provider entity URL** and **Service provider assertion consumer service URL\*\*. Copy both + +click next + +Under link domain select a verified domain + +Click **Stop and save SAML** + +### Enabling SSO + +Navigate to admin > external users + +click on **External user policy** + +Under **Authorization method** check "Single sign-on" + +Under **Identity provider** select `authentik`. + +Click update + +### in authentik + +edit the atlassian provider + +set the acs url to the copied **Service provider assertion consumer service URL** (e.g. https://auth.atlassian.com/login/callback?connection=saml-example) -1. Write first step here... +set the audience to the copied **Service provider entitty URL** (e.g. https://auth.atlassian.com/saml/example) -2. Continue with steps.... +click Update ## Configuration verification From e3296f02626cd82ea3524f1b5d10364b42650fed Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Thu, 24 Apr 2025 19:08:24 +0300 Subject: [PATCH 03/23] Writtent all required steps --- .../integrations/services/atlassian/index.mdx | 83 ++++++++++--------- 1 file changed, 44 insertions(+), 39 deletions(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 5b1fe18d4454..62c6ad5f589c 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -22,6 +22,11 @@ Further information on Atlassian requirements for SSO can be found in the [Atlas This guide applies to all Atlassian cloud products including; Jira, Confluence, Trello, and others. +:::note +This guide only provides instructions for setting up authentik as a SAML provider for Atlassian. It does not provide instructions for user provisioning. +This requires creating a custom Atlassian API integration that and is beyond the scope of this document. +::: + :::note This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. ::: @@ -36,6 +41,7 @@ To support the integration of Atlassian with authentik, you need to create an ap 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - Note the application slug, it will be required in the `Identity provider SSO URL` in the Atlassian configuration section. - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Temporarily Set the **ACS URL** and **Issuer** to `https://temp.temp` @@ -45,50 +51,49 @@ To support the integration of Atlassian with authentik, you need to create an ap 3. Click **Submit** to save the new application and provider. -## Service configuration - -Login to admin.atlassian.com as an admin - -Navigate to admin > identity providers. Under **Choose an identity provider** select **Other provider** - -select a **Directory name** e.g authentik and click Add +### Download the signing certificate -click **set up saml single sign-on** and next - -set the following required configurations: - **Identity provider Entity ID**: `authentik` - **Identity provider SSO URL**: `https://authentik.company/application/saml//sso/binding/redirect/` - **Public x509 certificate**: paste in your public certificate - -click **Add** - -You will be shown a \*Service provider entity URL** and **Service provider assertion consumer service URL\*\*. Copy both - -click next - -Under link domain select a verified domain +1. Log in to authentik as an admin, and open the authentik Admin interface. +2. Navigate to **Applications** > **Providers** and click on the name of the newly created Atlassian provider. +3. Under **Download signing certificate** click the **Download** button. This certificate will be required by Atlassian. + +## Atlassian configuration + +1. Login to admin.atlassian.com as an admin. +2. Navigate to **Security** > **Identity providers**. +3. Under **Choose an identity provider** select **Other provider**. +4. Provide a **Directory name** e.g authentik and click **Add**. +5. Click **Set up SAML single sign-on** and then **Next**. +6. Set the following required configurations: + - **Identity provider Entity ID**: `authentik` + - **Identity provider SSO URL**: `https://authentik.company/application/saml//sso/binding/redirect/` + - **Public x509 certificate**: paste in your public certificate (explain how to copy it from authentik) +7. Click **Add**. +8. You will be shown a **Service provider entity URL** and **Service provider assertion consumer service URL**. Copy both, they will be required in authentik. +9. Click **Next** +10. Under **Link domain** select a verified domain. +11. Click **Stop and save SAML** + +### Add URLs to authentik provider -Click **Stop and save SAML** +1. Log in to authentik as an admin, and open the authentik Admin interface. +2. Navigate to **Applications** > **Providers** and click the **Edit** icon of the newly created Atlassian provider. +3. Under **Protocol settgins**, set the following required configurations: + - **ACS URL**: set the acs url to the copied **Service provider assertion consumer service URL** (e.g. https://auth.atlassian.com/login/callback?connection=saml-example). + - **Audience**: set the audience to the copied **Service provider entitty URL** (e.g. https://auth.atlassian.com/saml/example). +4. Click **Update** ### Enabling SSO -Navigate to admin > external users - -click on **External user policy** - -Under **Authorization method** check "Single sign-on" - -Under **Identity provider** select `authentik`. - -Click update - -### in authentik - -edit the atlassian provider - -set the acs url to the copied **Service provider assertion consumer service URL** (e.g. https://auth.atlassian.com/login/callback?connection=saml-example) - -set the audience to the copied **Service provider entitty URL** (e.g. https://auth.atlassian.com/saml/example) - -click Update +1. Login to admin.atlassian.com as an admin. +2. Navigate to **Security** > **External users**. +3. Click on **External user policy**. +4. Under **Authorization method** check **Single sign-on**. +5. Under **Identity provider** select `authentik`. +6. Click **Update**. ## Configuration verification -To confirm that authentik is properly configured with Atlassian, log out and log back in via authentik. +To confirm that authentik is properly configured with Atlassian, log out of Atlassian cloud and log in using your `External User` Atlassian cloud credentials. + +Open an Atlassian app such as Jira. You will be asked to verify your identity and redirected to your authentik instance. Enter your authentik credentials and you should now be logged into the Atlassian app. From 72f01ef77eada0d6b68ec4ff0e4ec6bade531c52 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Thu, 24 Apr 2025 19:11:09 +0300 Subject: [PATCH 04/23] Atlassian cloud vs atlassian --- website/integrations/services/atlassian/index.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 62c6ad5f589c..97be7eef030e 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -1,10 +1,10 @@ --- -title: Integrate with Atlassian -sidebar_label: Atlassian +title: Integrate with Atlassian Cloud +sidebar_label: Atlassian Cloud support_level: community --- -## What is Atlassian +## What is Atlassian Cloud > Atlassian is an Australian-American proprietary software company that specializes in collaboration tools designed primarily for software development and project management. Their popular apps include Jira, Confluence, Bitbucket and Trello. > @@ -16,9 +16,9 @@ The following placeholders are used in this guide: - `authentik.company` is the FQDN of the authentik installation. -SAML SSO for Atlassian cloud apps requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription. +SAML SSO for Atlassian Cloud apps requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription. -Further information on Atlassian requirements for SSO can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). +Further information on requirements for SSO can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). This guide applies to all Atlassian cloud products including; Jira, Confluence, Trello, and others. From 7dd1d19b1a5e7f053cd5259699f6017c191bb5be Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Thu, 24 Apr 2025 20:14:06 +0300 Subject: [PATCH 05/23] Added important information section --- .../integrations/services/atlassian/index.mdx | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 97be7eef030e..81b068a052c1 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -6,26 +6,25 @@ support_level: community ## What is Atlassian Cloud -> Atlassian is an Australian-American proprietary software company that specializes in collaboration tools designed primarily for software development and project management. Their popular apps include Jira, Confluence, Bitbucket and Trello. +> Atlassian is an Australian-American proprietary software company that specializes in collaboration tools designed primarily for software development and project management. Atlassian Cloud is their cloud platform and provides access to their popular apps include Jira, Confluence, Bitbucket, and Trello. > > -- https://www.atlassian.com/ -## Preparation +## Important information -The following placeholders are used in this guide: +This guide only provides instructions for configuring authentik as a SAML provider for Atlassian Cloud. It applies to all Atlassian Cloud apps including; Jira, Confluence, Bitbucket, Trello, and others. -- `authentik.company` is the FQDN of the authentik installation. +This guide does not provide instructions for SCIM user provisioning, which requires creating a custom Atlassian API integration and is beyond the scope of this document. -SAML SSO for Atlassian Cloud apps requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription. +If this guide is implemented, users are still required to login to Atlassian Cloud using Atlassian credentials. Users are asked for authentik credentials when accessing specific Atlassian apps like Jira. -Further information on requirements for SSO can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). +## Preparation -This guide applies to all Atlassian cloud products including; Jira, Confluence, Trello, and others. +The following placeholders are used in this guide: -:::note -This guide only provides instructions for setting up authentik as a SAML provider for Atlassian. It does not provide instructions for user provisioning. -This requires creating a custom Atlassian API integration that and is beyond the scope of this document. -::: +- `authentik.company` is the FQDN of the authentik installation. + +SAML SSO for Atlassian Cloud apps requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription and a verified domain. Further information on requirements for SSO can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). :::note This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. From e1c29e570bedba46b4ed1832e6439a2b407cf246 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 25 Apr 2025 14:32:07 +0300 Subject: [PATCH 06/23] Improved wording, removed temporary placeholders, added more detail to the admin account required in Atlassian, fixed typos --- website/integrations/services/atlassian/index.mdx | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 81b068a052c1..5138ce136530 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -6,7 +6,7 @@ support_level: community ## What is Atlassian Cloud -> Atlassian is an Australian-American proprietary software company that specializes in collaboration tools designed primarily for software development and project management. Atlassian Cloud is their cloud platform and provides access to their popular apps include Jira, Confluence, Bitbucket, and Trello. +> Atlassian is an Australian-American proprietary software company that specializes in collaboration tools designed primarily for software development and project management. Atlassian Cloud is their cloud platform and provides access to their popular apps; Jira, Confluence, Bitbucket, Trello and others. > > -- https://www.atlassian.com/ @@ -54,11 +54,11 @@ To support the integration of Atlassian with authentik, you need to create an ap 1. Log in to authentik as an admin, and open the authentik Admin interface. 2. Navigate to **Applications** > **Providers** and click on the name of the newly created Atlassian provider. -3. Under **Download signing certificate** click the **Download** button. This certificate will be required by Atlassian. +3. Under **Download signing certificate** click the **Download** button. The contents of this certificate will be required in the next section. ## Atlassian configuration -1. Login to admin.atlassian.com as an admin. +1. Login to admin.atlassian.com as an Atlassian organization admin. 2. Navigate to **Security** > **Identity providers**. 3. Under **Choose an identity provider** select **Other provider**. 4. Provide a **Directory name** e.g authentik and click **Add**. @@ -66,7 +66,7 @@ To support the integration of Atlassian with authentik, you need to create an ap 6. Set the following required configurations: - **Identity provider Entity ID**: `authentik` - **Identity provider SSO URL**: `https://authentik.company/application/saml//sso/binding/redirect/` - - **Public x509 certificate**: paste in your public certificate (explain how to copy it from authentik) + - **Public x509 certificate**: enter the contents of the certificate that was downloaded in the previous section. 7. Click **Add**. 8. You will be shown a **Service provider entity URL** and **Service provider assertion consumer service URL**. Copy both, they will be required in authentik. 9. Click **Next** @@ -93,6 +93,6 @@ To support the integration of Atlassian with authentik, you need to create an ap ## Configuration verification -To confirm that authentik is properly configured with Atlassian, log out of Atlassian cloud and log in using your `External User` Atlassian cloud credentials. +To confirm that authentik is properly configured with Atlassian Cloud, log out of Atlassian Cloud and log in using your `External User` Atlassian Cloud credentials. -Open an Atlassian app such as Jira. You will be asked to verify your identity and redirected to your authentik instance. Enter your authentik credentials and you should now be logged into the Atlassian app. +At the dashboard, select an Atlassian app such as Jira. You will be asked to verify your identity and be redirected to your authentik instance. Enter your authentik credentials and are now logged into the selected Atlassian app. From 27d5f4cfacb03d21e8400ac921e5cbaf68407951 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 2 May 2025 08:54:57 +0100 Subject: [PATCH 07/23] Update website/integrations/services/atlassian/index.mdx Co-authored-by: Dominic R Signed-off-by: Dewi Roberts --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 5138ce136530..fd05965418c3 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -40,7 +40,7 @@ To support the integration of Atlassian with authentik, you need to create an ap 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. - - Note the application slug, it will be required in the `Identity provider SSO URL` in the Atlassian configuration section. + - Note the application slug, it will be required when filling out the **Identity provider SSO URL** later on. - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Temporarily Set the **ACS URL** and **Issuer** to `https://temp.temp` From 2803ebf2dca3e3b5f868671d14b78a90178b696c Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 2 May 2025 08:55:27 +0100 Subject: [PATCH 08/23] Update website/integrations/services/atlassian/index.mdx Co-authored-by: Dominic R Signed-off-by: Dewi Roberts --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index fd05965418c3..21d19a4be17d 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -93,6 +93,6 @@ To support the integration of Atlassian with authentik, you need to create an ap ## Configuration verification -To confirm that authentik is properly configured with Atlassian Cloud, log out of Atlassian Cloud and log in using your `External User` Atlassian Cloud credentials. +To verify that authentik is correctly integrated with Atlassian Cloud, first log out of your account. Then, log back in using your credentials for an external user. At the dashboard, select an Atlassian app such as Jira. You will be asked to verify your identity and be redirected to your authentik instance. Enter your authentik credentials and are now logged into the selected Atlassian app. From a3688be5e84c5d4ec6432d0e6cb21144c7373c36 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 2 May 2025 08:59:37 +0100 Subject: [PATCH 09/23] Update website/integrations/services/atlassian/index.mdx Co-authored-by: Dominic R Signed-off-by: Dewi Roberts --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 21d19a4be17d..efad2ebb1bec 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -58,7 +58,7 @@ To support the integration of Atlassian with authentik, you need to create an ap ## Atlassian configuration -1. Login to admin.atlassian.com as an Atlassian organization admin. +1. Log into the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian organization admin. 2. Navigate to **Security** > **Identity providers**. 3. Under **Choose an identity provider** select **Other provider**. 4. Provide a **Directory name** e.g authentik and click **Add**. From 0cfb4702eff103b6a2ce483abb37e3e4fd7dfc06 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 2 May 2025 09:00:27 +0100 Subject: [PATCH 10/23] Update website/integrations/services/atlassian/index.mdx Co-authored-by: Dominic R Signed-off-by: Dewi Roberts --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index efad2ebb1bec..ad5110f03346 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -12,7 +12,7 @@ support_level: community ## Important information -This guide only provides instructions for configuring authentik as a SAML provider for Atlassian Cloud. It applies to all Atlassian Cloud apps including; Jira, Confluence, Bitbucket, Trello, and others. +This guide offers instructions for setting up authentik as a SAML provider specifically for Atlassian Cloud. It is applicable to all Atlassian Cloud applications, including Jira, Confluence, Bitbucket, Trello, and others. This guide does not provide instructions for SCIM user provisioning, which requires creating a custom Atlassian API integration and is beyond the scope of this document. From 8f1a0df97218d10dd1ef53aca7ecf10581f235e7 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 2 May 2025 09:00:44 +0100 Subject: [PATCH 11/23] Update website/integrations/services/atlassian/index.mdx Co-authored-by: Dominic R Signed-off-by: Dewi Roberts --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index ad5110f03346..052c39c1db9a 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -14,7 +14,7 @@ support_level: community This guide offers instructions for setting up authentik as a SAML provider specifically for Atlassian Cloud. It is applicable to all Atlassian Cloud applications, including Jira, Confluence, Bitbucket, Trello, and others. -This guide does not provide instructions for SCIM user provisioning, which requires creating a custom Atlassian API integration and is beyond the scope of this document. +This guide does not include instructions for SCIM user provisioning, as it involves creating a custom Atlassian API integration, which is outside the scope of this document. If this guide is implemented, users are still required to login to Atlassian Cloud using Atlassian credentials. Users are asked for authentik credentials when accessing specific Atlassian apps like Jira. From 684310c9cf026fc4c27a90548cb8173e403ba519 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 2 May 2025 09:01:22 +0100 Subject: [PATCH 12/23] Update website/integrations/services/atlassian/index.mdx Co-authored-by: Dominic R Signed-off-by: Dewi Roberts --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 052c39c1db9a..e6936d2e1570 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -43,7 +43,7 @@ To support the integration of Atlassian with authentik, you need to create an ap - Note the application slug, it will be required when filling out the **Identity provider SSO URL** later on. - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - - Temporarily Set the **ACS URL** and **Issuer** to `https://temp.temp` + - Temporarily set the **ACS URL** and **Issuer** to `https://temp.temp` - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available signing certificate. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. From 4ed90c567e72e3d2d8e69d82fda7597f16c521ad Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 2 May 2025 09:01:36 +0100 Subject: [PATCH 13/23] Update website/integrations/services/atlassian/index.mdx Co-authored-by: Dominic R Signed-off-by: Dewi Roberts --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index e6936d2e1570..ea4f1e2125fb 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -45,7 +45,7 @@ To support the integration of Atlassian with authentik, you need to create an ap - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Temporarily set the **ACS URL** and **Issuer** to `https://temp.temp` - Set the **Service Provider Binding** to `Post`. - - Under **Advanced protocol settings**, select an available signing certificate. + - Under **Advanced protocol settings**, set an available signing certificate. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. 3. Click **Submit** to save the new application and provider. From fba71a4fcc393832290b1ac0df8fcedd53e8bd30 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 2 May 2025 09:03:14 +0100 Subject: [PATCH 14/23] Update website/integrations/services/atlassian/index.mdx Co-authored-by: Dominic R Signed-off-by: Dewi Roberts --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index ea4f1e2125fb..c5c46e950c30 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -52,7 +52,7 @@ To support the integration of Atlassian with authentik, you need to create an ap ### Download the signing certificate -1. Log in to authentik as an admin, and open the authentik Admin interface. +1. Log into authentik as an admin, and open the authentik Admin interface. 2. Navigate to **Applications** > **Providers** and click on the name of the newly created Atlassian provider. 3. Under **Download signing certificate** click the **Download** button. The contents of this certificate will be required in the next section. From e6157302939db3f6db20ed16f2d3ea9e5134385d Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 2 May 2025 11:56:29 +0300 Subject: [PATCH 15/23] Differentiated between external and internal user accounts, fixed typos and improved wording. --- .../integrations/services/atlassian/index.mdx | 49 +++++++++++++------ 1 file changed, 34 insertions(+), 15 deletions(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index c5c46e950c30..80feca1f5d7e 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -6,7 +6,7 @@ support_level: community ## What is Atlassian Cloud -> Atlassian is an Australian-American proprietary software company that specializes in collaboration tools designed primarily for software development and project management. Atlassian Cloud is their cloud platform and provides access to their popular apps; Jira, Confluence, Bitbucket, Trello and others. +> Atlassian is a proprietary software company that specializes in collaboration tools designed primarily for software development and project management. Atlassian Cloud is their cloud platform and provides access to their popular apps; Jira, Confluence, Bitbucket, Trello and others. > > -- https://www.atlassian.com/ @@ -14,9 +14,11 @@ support_level: community This guide offers instructions for setting up authentik as a SAML provider specifically for Atlassian Cloud. It is applicable to all Atlassian Cloud applications, including Jira, Confluence, Bitbucket, Trello, and others. -This guide does not include instructions for SCIM user provisioning, as it involves creating a custom Atlassian API integration, which is outside the scope of this document. +Atlassian Cloud has two types of users; internal and external. -If this guide is implemented, users are still required to login to Atlassian Cloud using Atlassian credentials. Users are asked for authentik credentials when accessing specific Atlassian apps like Jira. +Internal users are defined by their email domain which needs to be a [verified domain in Atlassian Cloud](https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/). Internal users are able to utilise SSO without Atlassian Cloud credentials. + +[External users](https://support.atlassian.com/security-and-access-policies/docs/who-are-external-users/) are required to log into Atlassian Cloud using Atlassian Cloud credentials. They are then prompted for authentik credentials when accessing specific Atlassian Cloud apps like Jira. ## Preparation @@ -24,7 +26,7 @@ The following placeholders are used in this guide: - `authentik.company` is the FQDN of the authentik installation. -SAML SSO for Atlassian Cloud apps requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription and a verified domain. Further information on requirements for SSO can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). +SAML SSO for Atlassian Cloud apps requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription and a [verified domain](https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/). Further information on requirements for SSO can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). :::note This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. @@ -32,7 +34,7 @@ This documentation lists only the settings that you need to change from their de ## authentik configuration -To support the integration of Atlassian with authentik, you need to create an application/provider pair in authentik. +To support the integration of Atlassian Cloud with authentik, you need to create an application/provider pair in authentik. ### Create an application and provider in authentik @@ -43,7 +45,7 @@ To support the integration of Atlassian with authentik, you need to create an ap - Note the application slug, it will be required when filling out the **Identity provider SSO URL** later on. - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - - Temporarily set the **ACS URL** and **Issuer** to `https://temp.temp` + - Temporarily set the **ACS URL** and **Audience** to `https://temp.temp` - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, set an available signing certificate. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. @@ -53,12 +55,12 @@ To support the integration of Atlassian with authentik, you need to create an ap ### Download the signing certificate 1. Log into authentik as an admin, and open the authentik Admin interface. -2. Navigate to **Applications** > **Providers** and click on the name of the newly created Atlassian provider. +2. Navigate to **Applications** > **Providers** and click on the name of the newly created Atlassian Cloud provider. 3. Under **Download signing certificate** click the **Download** button. The contents of this certificate will be required in the next section. -## Atlassian configuration +## Atlassian Cloud configuration -1. Log into the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian organization admin. +1. Log into the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian Cloud organization admin. 2. Navigate to **Security** > **Identity providers**. 3. Under **Choose an identity provider** select **Other provider**. 4. Provide a **Directory name** e.g authentik and click **Add**. @@ -73,18 +75,29 @@ To support the integration of Atlassian with authentik, you need to create an ap 10. Under **Link domain** select a verified domain. 11. Click **Stop and save SAML** -### Add URLs to authentik provider +## Reconfigure authentik provider 1. Log in to authentik as an admin, and open the authentik Admin interface. -2. Navigate to **Applications** > **Providers** and click the **Edit** icon of the newly created Atlassian provider. +2. Navigate to **Applications** > **Providers** and click the **Edit** icon of the newly created Atlassian Cloud provider. 3. Under **Protocol settgins**, set the following required configurations: - **ACS URL**: set the acs url to the copied **Service provider assertion consumer service URL** (e.g. https://auth.atlassian.com/login/callback?connection=saml-example). - - **Audience**: set the audience to the copied **Service provider entitty URL** (e.g. https://auth.atlassian.com/saml/example). + - **Audience**: set the audience to the copied **Service provider entity URL** (e.g. https://auth.atlassian.com/saml/example). 4. Click **Update** -### Enabling SSO +## Enabling SSO in Atlassian Cloud + +### Internal users + +1. Log into the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian Cloud organization admin. +2. Navigate to **Security** > **Authentication policies**. +3. Click **Add policy** at the top right. +4. Select the `authentik` directory and provide a name for the policy. +5. Edit the new policy and check `Enforce single sign-on`. +6. Click **Update**. + +### External users -1. Login to admin.atlassian.com as an admin. +1. Log into the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian Cloud organization admin. 2. Navigate to **Security** > **External users**. 3. Click on **External user policy**. 4. Under **Authorization method** check **Single sign-on**. @@ -93,6 +106,12 @@ To support the integration of Atlassian with authentik, you need to create an ap ## Configuration verification +### Internal users + +To verify that authentik is correctly integrated with Atlassian Cloud, first log out of your account. Then, log back in using your credentials for an internal user. You should be redirected to your authentik instance and after succesfully logging in, you should be redirected to the selected Atlassian Cloud app. + +### External users + To verify that authentik is correctly integrated with Atlassian Cloud, first log out of your account. Then, log back in using your credentials for an external user. -At the dashboard, select an Atlassian app such as Jira. You will be asked to verify your identity and be redirected to your authentik instance. Enter your authentik credentials and are now logged into the selected Atlassian app. +Once you reach the Atlassian Cloud dashboard, select an app such as Jira. You will be prompted to verify your identity and redirected to your authentik instance. After succesfully logging in to authentik you should be logged into the selected Atlassian Cloud app. From 3e55d810ebbfafb918c699f7ecf3248bf3ef1621 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 2 May 2025 12:11:53 +0300 Subject: [PATCH 16/23] Converted important information section to important block and updated language. --- website/integrations/services/atlassian/index.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 80feca1f5d7e..6e10da00c45d 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -10,15 +10,17 @@ support_level: community > > -- https://www.atlassian.com/ -## Important information - +:::important This guide offers instructions for setting up authentik as a SAML provider specifically for Atlassian Cloud. It is applicable to all Atlassian Cloud applications, including Jira, Confluence, Bitbucket, Trello, and others. -Atlassian Cloud has two types of users; internal and external. +SAML SSO for Atlassian Cloud apps requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription and a [verified domain](https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/). Further information on requirements for SSO can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). + +Atlassian Cloud has two types of users; **internal** and **external**. Internal users are defined by their email domain which needs to be a [verified domain in Atlassian Cloud](https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/). Internal users are able to utilise SSO without Atlassian Cloud credentials. [External users](https://support.atlassian.com/security-and-access-policies/docs/who-are-external-users/) are required to log into Atlassian Cloud using Atlassian Cloud credentials. They are then prompted for authentik credentials when accessing specific Atlassian Cloud apps like Jira. +::: ## Preparation @@ -26,8 +28,6 @@ The following placeholders are used in this guide: - `authentik.company` is the FQDN of the authentik installation. -SAML SSO for Atlassian Cloud apps requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription and a [verified domain](https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/). Further information on requirements for SSO can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). - :::note This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. ::: From ecd31be049d1987e6fe411baa7e045e3a638c2e2 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 2 May 2025 12:20:14 +0300 Subject: [PATCH 17/23] Typos --- website/integrations/services/atlassian/index.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 6e10da00c45d..3a54d9b88c8b 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -108,10 +108,10 @@ To support the integration of Atlassian Cloud with authentik, you need to create ### Internal users -To verify that authentik is correctly integrated with Atlassian Cloud, first log out of your account. Then, log back in using your credentials for an internal user. You should be redirected to your authentik instance and after succesfully logging in, you should be redirected to the selected Atlassian Cloud app. +To verify that authentik is correctly integrated with Atlassian Cloud, first log out of your account. Then, log back in using your credentials for an internal user. You should be redirected to your authentik instance and after successfully logging in, you should be redirected to the selected Atlassian Cloud app. ### External users To verify that authentik is correctly integrated with Atlassian Cloud, first log out of your account. Then, log back in using your credentials for an external user. -Once you reach the Atlassian Cloud dashboard, select an app such as Jira. You will be prompted to verify your identity and redirected to your authentik instance. After succesfully logging in to authentik you should be logged into the selected Atlassian Cloud app. +Once you reach the Atlassian Cloud dashboard, select an app such as Jira. You will be prompted to verify your identity and redirected to your authentik instance. After successfully logging in to authentik you should be logged into the selected Atlassian Cloud app. From 20df7761749f3347752e6fcfc21879236c18d0cf Mon Sep 17 00:00:00 2001 From: Tana M Berry Date: Fri, 2 May 2025 15:37:09 -0500 Subject: [PATCH 18/23] Update website/integrations/services/atlassian/index.mdx Signed-off-by: Tana M Berry --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 3a54d9b88c8b..82053562cdcd 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -60,7 +60,7 @@ To support the integration of Atlassian Cloud with authentik, you need to create ## Atlassian Cloud configuration -1. Log into the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian Cloud organization admin. +1. Log in to the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian Cloud organization admin. 2. Navigate to **Security** > **Identity providers**. 3. Under **Choose an identity provider** select **Other provider**. 4. Provide a **Directory name** e.g authentik and click **Add**. From 07eca224ca750d8c458fe2c77b1fb39ba784003f Mon Sep 17 00:00:00 2001 From: Tana M Berry Date: Fri, 2 May 2025 15:37:30 -0500 Subject: [PATCH 19/23] Update website/integrations/services/atlassian/index.mdx Signed-off-by: Tana M Berry --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 82053562cdcd..31709ffff05f 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -97,7 +97,7 @@ To support the integration of Atlassian Cloud with authentik, you need to create ### External users -1. Log into the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian Cloud organization admin. +1. Log in to the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian Cloud organization admin. 2. Navigate to **Security** > **External users**. 3. Click on **External user policy**. 4. Under **Authorization method** check **Single sign-on**. From ba58e6350a176a5e830fe480cebfe371dce2a7e1 Mon Sep 17 00:00:00 2001 From: Tana M Berry Date: Fri, 2 May 2025 15:39:15 -0500 Subject: [PATCH 20/23] Update website/integrations/services/atlassian/index.mdx Signed-off-by: Tana M Berry --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 31709ffff05f..7ecf675c029e 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -114,4 +114,4 @@ To verify that authentik is correctly integrated with Atlassian Cloud, first log To verify that authentik is correctly integrated with Atlassian Cloud, first log out of your account. Then, log back in using your credentials for an external user. -Once you reach the Atlassian Cloud dashboard, select an app such as Jira. You will be prompted to verify your identity and redirected to your authentik instance. After successfully logging in to authentik you should be logged into the selected Atlassian Cloud app. +From the Atlassian Cloud dashboard, select an app such as Jira. You will be prompted to verify your identity and redirected to your authentik instance. After successfully logging in to authentik you should be logged into the selected Atlassian Cloud app. From fc65141fe987ad8207bc15cb66cc3d21b4bce15c Mon Sep 17 00:00:00 2001 From: Tana M Berry Date: Fri, 2 May 2025 15:39:58 -0500 Subject: [PATCH 21/23] Update website/integrations/services/atlassian/index.mdx Signed-off-by: Tana M Berry --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index 7ecf675c029e..b628ec969850 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -71,7 +71,7 @@ To support the integration of Atlassian Cloud with authentik, you need to create - **Public x509 certificate**: enter the contents of the certificate that was downloaded in the previous section. 7. Click **Add**. 8. You will be shown a **Service provider entity URL** and **Service provider assertion consumer service URL**. Copy both, they will be required in authentik. -9. Click **Next** +9. Click **Next**. 10. Under **Link domain** select a verified domain. 11. Click **Stop and save SAML** From b9a325d324d342686386cd810907e580948edab8 Mon Sep 17 00:00:00 2001 From: Tana M Berry Date: Fri, 2 May 2025 15:41:25 -0500 Subject: [PATCH 22/23] Update website/integrations/services/atlassian/index.mdx Signed-off-by: Tana M Berry --- website/integrations/services/atlassian/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index b628ec969850..fd744a95433a 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -60,7 +60,7 @@ To support the integration of Atlassian Cloud with authentik, you need to create ## Atlassian Cloud configuration -1. Log in to the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian Cloud organization admin. +1. Log in to the [Atlassian administrator portal](https://admin.atlassian.com) as an Atlassian Cloud organization administrator. 2. Navigate to **Security** > **Identity providers**. 3. Under **Choose an identity provider** select **Other provider**. 4. Provide a **Directory name** e.g authentik and click **Add**. From 79ef4f4dc572a3137d3d3ff50695d019ad9ce3e6 Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Mon, 5 May 2025 11:20:29 +0300 Subject: [PATCH 23/23] Edited as per suggestions from Tana --- .../integrations/services/atlassian/index.mdx | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx index fd744a95433a..31a8723ab76e 100644 --- a/website/integrations/services/atlassian/index.mdx +++ b/website/integrations/services/atlassian/index.mdx @@ -13,8 +13,6 @@ support_level: community :::important This guide offers instructions for setting up authentik as a SAML provider specifically for Atlassian Cloud. It is applicable to all Atlassian Cloud applications, including Jira, Confluence, Bitbucket, Trello, and others. -SAML SSO for Atlassian Cloud apps requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription and a [verified domain](https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/). Further information on requirements for SSO can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). - Atlassian Cloud has two types of users; **internal** and **external**. Internal users are defined by their email domain which needs to be a [verified domain in Atlassian Cloud](https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/). Internal users are able to utilise SSO without Atlassian Cloud credentials. @@ -28,6 +26,8 @@ The following placeholders are used in this guide: - `authentik.company` is the FQDN of the authentik installation. +SAML SSO for Atlassian Cloud apps requires an [Atlassian Guard](https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-guard/) subscription and a [verified domain](https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/). Further information on requirements for SSO can be found in the [Atlassian SSO documentation](https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on-with-an-identity-provider/). + :::note This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. ::: @@ -41,14 +41,14 @@ To support the integration of Atlassian Cloud with authentik, you need to create 1. Log in to authentik as an admin, and open the authentik Admin interface. 2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.) -- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. - - Note the application slug, it will be required when filling out the **Identity provider SSO URL** later on. -- **Choose a Provider type**: select **SAML Provider** as the provider type. -- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - - Temporarily set the **ACS URL** and **Audience** to `https://temp.temp` - - Set the **Service Provider Binding** to `Post`. - - Under **Advanced protocol settings**, set an available signing certificate. -- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - Note the application slug, it will be required when filling out the **Identity provider SSO URL** later on. + - **Choose a Provider type**: select **SAML Provider** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Temporarily set the **ACS URL** and **Audience** to `https://temp.temp` + - Set the **Service Provider Binding** to `Post`. + - Under **Advanced protocol settings**, set an available signing certificate. + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. 3. Click **Submit** to save the new application and provider.